Privacy & Sigma Protocols
Intermediate
2-4 hoursPrivacy-Friendly One-Time Receive Pattern
Generate one-time addresses/boxes for better transaction graph privacy
Problème
Reusing addresses links all your transactions together, reducing privacy. Anyone can see your full transaction history.
Solution
Generate unique one-time addresses for each receive. Using Diffie-Hellman key exchange, sender creates a box only the receiver can spend, without revealing the receiver's main address.
Fonctionnement
- 1Receiver publishes a public key (or derives from main address)
- 2Sender generates ephemeral keypair for this transaction
- 3Sender computes shared secret via ECDH
- 4Sender creates box spendable by derived one-time key
- 5Receiver scans blockchain for boxes they can spend
- 6Receiver derives private key from shared secret to spend
Exemples de code
{
// One-time receive box
// R4: Ephemeral public key (sender's temporary key)
// R5: Encrypted memo (optional)
// The box is spendable by the one-time key derived from:
// oneTimePrivKey = receiverPrivKey * hash(sharedSecret)
// sharedSecret = ECDH(ephemeralPriv, receiverPub)
// = ECDH(receiverPriv, ephemeralPub)
val ephemeralPubKey = SELF.R4[GroupElement].get
// The proposition is a standard proveDlog
// but the public key is the one-time derived key
// Receiver computes: oneTimePub = receiverPub * hash(sharedSecret)
proveDlog(oneTimePubKey)
}One-time receive box. The spending key is derived from shared secret, only computable by the intended receiver.
Cas d'utilisation
- →Private donations
- →Salary payments
- →Merchant payments
- →Anonymous tips
- →Privacy-preserving invoices
Considérations de sécurité
- !Store receiver private key securely
- !Scan regularly for incoming payments
- !Consider timing attacks when spending
- !Use with mixing for enhanced privacy
- !Ephemeral keys must be truly random
Ressources
Considérations de frais
Standard transaction fees. Scanning requires indexing or full node access.